Commit Graph

1010 Commits

Author SHA1 Message Date
Morris Jobke 407a500745 Merge pull request #5803 from nextcloud/fix-public-links
fix preview for public links
2017-07-21 09:34:36 +02:00
Lukas Reschke 3d2600b039
Add Phan plugin to check for SQL injections
This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.

As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.

The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-20 22:48:13 +02:00
Bjoern Schiessle ae8a3ce085
fix preview for public links
in case a user is already logged in on the same server from
which the public link comes from, we need to setup the owners
file system in order to show the preview

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-07-20 11:24:52 +02:00
Joas Schilling 3ff3c338c9 Merge pull request #5734 from nextcloud/only-readable-chars-in-share-tokens
Only use readable chars in Share Tokens
2017-07-19 16:40:18 +02:00
Joas Schilling 984933e586
Only use readable chars in Share Tokens
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-18 15:44:34 +02:00
Nextcloud bot a23cdd04bb
[tx-robot] updated from transifex 2017-07-15 00:08:54 +00:00
Nextcloud bot 261513b04a
[tx-robot] updated from transifex 2017-07-13 00:08:31 +00:00
Nextcloud bot 13295c2d1d
[tx-robot] updated from transifex 2017-07-12 00:08:43 +00:00
Morris Jobke b4deba2078 Merge pull request #5483 from nextcloud/issue-5075-png-files-for-activity-emails
Use PNGs for icons in activity emails
2017-07-07 11:05:00 +02:00
Bjoern Schiessle f186a5cfb1
fix and extend dav test to also test the master-key setup
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-07-06 11:47:11 +02:00
Joas Schilling b27819785e
Don't log passwords on dav exceptions
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-06-29 17:20:10 +02:00
Nextcloud bot 6e52c8a794
[tx-robot] updated from transifex 2017-06-26 00:08:31 +00:00
Morris Jobke eb9aedf44b Enhance the logging if the part file can not be renamed
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-06-22 17:50:14 -05:00
Joas Schilling 90fa27694a
Use PNG version of the icons for shipped activities
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-06-20 13:48:51 +02:00
Nextcloud bot 26d6c4a64a
[tx-robot] updated from transifex 2017-06-17 00:08:26 +00:00
Joas Schilling 698a7cb7f0 Merge pull request #5124 from nextcloud/allow-dirlisting-with-unreadable-items
Allow dir-listing also when one child is blocked by access control
2017-06-16 10:47:08 +02:00
Morris Jobke ca3c69c8ae Merge pull request #5298 from nextcloud/bugfix/4885/calendar_shares_url_special_char_issue
urldecode group principals in Cal- and CardDAV backend
2017-06-14 23:10:40 -05:00
Morris Jobke ac565cecad Merge pull request #5300 from nextcloud/bugfix/noid/fix_proppatch_requests_to_groupshares
allow users to send PropPatch request when calendar is group-shared with them
2017-06-14 23:00:39 -05:00
Nextcloud bot 7a269ae872
[tx-robot] updated from transifex 2017-06-15 00:08:40 +00:00
Morris Jobke f38f2baa5a Merge pull request #5295 from nextcloud/bugfix/5077/allow_proppatches_to_birthday_calendar
allow PropPatch requests to contact_birthdays
2017-06-13 18:11:13 -05:00
Lukas Reschke 633396001f
Prevent sending second WWW-Authenticate header
Overrides \Sabre\DAV\Auth\Backend\AbstractBearer::challenge to prevent sending a second WWW-Authenticate header which is standard-compliant but most DAV clients simply fail hard.

Fixes https://github.com/nextcloud/server/issues/5088

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-06-13 13:54:52 +02:00
Georg Ehrke 35781ae45c
urldecode group principals in Cal- and CardDAV backend
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-06-12 21:01:30 +02:00
Georg Ehrke a0c2e6e922
add missing parent::setUp that broke any other dav app test
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-06-08 19:26:36 +02:00
Georg Ehrke 0f1d47cdf3
allow users to send PropPatch request when calendar is group-shared with them
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-06-08 09:21:56 +02:00
Georg Ehrke 9563c25c69
allow PropPatch requests to contact_birthdays
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-06-08 08:00:52 +02:00
Joas Schilling b6d6f3c521
Fix unit test
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-06-07 11:24:00 +02:00
Nextcloud bot a3c5d43cd5
[tx-robot] updated from transifex 2017-06-07 00:09:00 +00:00
Nextcloud bot f03d6f225e
[tx-robot] updated from transifex 2017-06-04 00:08:29 +00:00
Nextcloud bot 5d39f700e4
[tx-robot] updated from transifex 2017-06-03 00:09:00 +00:00
Nextcloud bot 8801b68d45
[tx-robot] updated from transifex 2017-06-01 00:08:38 +00:00
Nextcloud bot b9b7f8bede
[tx-robot] updated from transifex 2017-05-30 00:08:44 +00:00
Nextcloud bot e3e3e8edf2
[tx-robot] updated from transifex 2017-05-27 00:08:32 +00:00
Joas Schilling d0c614a322
Allow dir-listing also when one child is blocked by access control
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-26 15:54:39 +02:00
Nextcloud bot a46d2f1d39
[tx-robot] updated from transifex 2017-05-25 00:08:04 +00:00
Roeland Jago Douma 30ac7ec2bf Merge pull request #5004 from nextcloud/bugfix/fix_replacing_4mbunicode_for_calendar_properties_table
fix replacing of 4MB Unicode Chars in cal props table
2017-05-23 13:26:10 +02:00
Nextcloud bot 9c8a838624
[tx-robot] updated from transifex 2017-05-23 00:08:29 +00:00
Joas Schilling bc8fbc1a67
Bump app versions as well
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-22 10:35:25 +02:00
Joas Schilling fdfe8f7f15
Adjust version requirement
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-22 10:32:05 +02:00
Georg Ehrke 4b5379309e
fix replacing of 4MB Unicode Chars in cal props table
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-05-21 13:26:46 +02:00
Nextcloud bot e24105feba
[tx-robot] updated from transifex 2017-05-19 00:08:26 +00:00
Lukas Reschke 639ba526d0
Adjust realm from SabreDAV to Nextcloud
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 21:38:55 +02:00
Lukas Reschke f93db724d7
Make legacy DAV backend use the BearerAuth backend as well
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 21:19:39 +02:00
Lukas Reschke df3909a7c3
Use Bearer backend for SabreDAV
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:10 +02:00
Lukas Reschke 5f71805c35
Add basic implementation for OAuth 2.0 Authorization Code Flow
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:03 +02:00
Nextcloud bot d41fd7471c
[tx-robot] updated from transifex 2017-05-18 00:07:48 +00:00
Nextcloud bot 11e04e394d
[tx-robot] updated from transifex 2017-05-17 15:56:32 +00:00
Nextcloud bot 443cbdc739
[tx-robot] updated from transifex 2017-05-17 00:08:09 +00:00
Nextcloud bot 7d1f362aa0
[tx-robot] updated from transifex 2017-05-16 00:08:08 +00:00
Roeland Jago Douma cef2110263
Revert "fix objectstore rename"
This reverts commit 5334a3dc33.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-15 13:59:18 +02:00
Nextcloud bot 6e3a914f4a
[tx-robot] updated from transifex 2017-05-13 00:08:00 +00:00